Tech policy has changed post-Snowden

By Lori Atherton
U-M Law

While the reforms to Section 215 of the Patriot Act passed by Congress in June are helpful in restricting the National Security Agency’s surveillance powers, they don’t fully promote the balance of privacy and security that is needed in government surveillance programs, according to Gautam Hans, policy counsel and director of the Center for Democracy & Technology (CDT) in San Francisco.

“National security is important to protect, but it is so easily overextended that it needs to have strong oversight congressionally, in the courts, and in the executive branch,” Hans said. “We’re not there yet, but what is good is that there is public opinion in our favor.”

Hans, whose work with CDT focuses on digital civil liberties policy, outreach, and development, visited  the University Michigan Law School recently to discuss how tech policy has changed as a result of Edward Snowden’s NSA disclosures in 2013, and also taught a session of Professor Bryce Pilz’s IP Strategy class, focusing on privacy and security issues for startups. His talk covered the issues of surveillance, cyber security, civil and criminal government collection, and online free expression, which Hans said is changing as a result of an increase in government requests to remove Internet content.

“More countries are making takedown requests and more countries are wanting content taken down that they don’t like, which could be illegal under local laws,” Hans said. “In Europe, there are anti-Nazi propaganda laws that prevent the expression of certain speech that here in the U.S. we would not consider to be illegal under the First Amendment. But in Europe, there can be stricter content laws. What we are now seeing is not just speech regulation related to hate speech, but also to content that might be anti-government that authoritarian regimes want to suppress. You end up with an Internet in which the transnational promise of free speech isn’t as strong as it once was. These takedown requests are a threat to the speech and communications we’ve historically had online for the last two decades since the dawn of the commercial Internet.”

Hans said data security is increasingly becoming an issue, particularly since more computer security specialists—often referred to as “white-hat hackers”—are accessing networks and systems to expose their vulnerabilities in order to improve system security. He referenced an experiment in July in which two hackers took control of a Jeep Cherokee while the driver was in it to demonstrate the vulnerabilities of the onboard systems. “It’s scary that your car could stop working or your utilities could be turned off because someone maliciously hacked into the system,” Hans said. “This could happen from both an individual and at the government level.”

Hans said he personally supports the work of white-hat hackers, who he views as exposing vulnerabilities not for malicious intent but to strengthen a company’s data security. “We need to have a more robust system in which researchers can help to bolster the security practices of companies and their users,” he said.